Model-Based Tests for Access Control Policies
dc.contributor.author
Pretschner, Alexander
dc.contributor.author
Mouelhi, Tejeddine
dc.contributor.author
Le Traon, Yves
dc.date.accessioned
2023-09-27T09:36:59Z
dc.date.available
2017-06-08T20:12:29Z
dc.date.available
2023-09-27T09:36:59Z
dc.date.issued
2008
dc.identifier.isbn
978-0-7695-3127-4
en_US
dc.identifier.other
10.1109/ICST.2008.44
en_US
dc.identifier.uri
http://hdl.handle.net/20.500.11850/11271
dc.description.abstract
We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies-i.e., the model- and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants than the same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points.
en_US
dc.language.iso
en
en_US
dc.publisher
IEEE
en_US
dc.subject
Access control
en_US
dc.subject
Model-based testing
en_US
dc.subject
Mutation testing
en_US
dc.subject
Combinatorial testing
en_US
dc.title
Model-Based Tests for Access Control Policies
en_US
dc.type
Conference Paper
dc.date.published
2008-06-06
ethz.book.title
2008 1st International Conference on Software Testing, Verification, and Validation
en_US
ethz.pages.start
338
en_US
ethz.pages.end
347
en_US
ethz.event
1st International Conference on Software Testing Verification, and Validation (ICST 2008)
en_US
ethz.event.location
Lillehammer, Norway
en_US
ethz.event.date
April 9-11, 2008
en_US
ethz.publication.place
Piscataway, NJ
en_US
ethz.publication.status
published
en_US
ethz.leitzahl
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::03634 - Basin, David / Basin, David
en_US
ethz.leitzahl.certified
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::03634 - Basin, David / Basin, David
ethz.date.deposited
2017-06-08T20:12:40Z
ethz.source
ECIT
ethz.identifier.importid
imp59364c007ae8142684
ethz.ecitpid
pub:22410
ethz.eth
yes
en_US
ethz.availability
Metadata only
en_US
ethz.rosetta.installDate
2017-07-12T23:11:45Z
ethz.rosetta.lastUpdated
2024-02-03T04:06:32Z
ethz.rosetta.versionExported
true
ethz.COinS
ctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.atitle=Model-Based%20Tests%20for%20Access%20Control%20Policies&rft.date=2008&rft.spage=338&rft.epage=347&rft.au=Pretschner,%20Alexander&Mouelhi,%20Tejeddine&Le%20Traon,%20Yves&rft.isbn=978-0-7695-3127-4&rft.genre=proceeding&rft_id=info:doi/10.1109/ICST.2008.44&rft.btitle=2008%201st%20International%20Conference%20on%20Software%20Testing,%20Verification,%20and%20Validation
Files in this item
| Files | Size | Format | Open in viewer |
|---|---|---|---|
|
There are no files associated with this item. |
|||
Publication type
-
Conference Paper [34968]